VA Information Technology

This testimony focuses on the status of the Department of Veterans Affairs' (VA) efforts in seven areas of its information technology (IT) program: improving its process for selecting, controlling and evaluating IT investments; filling the chief information officer position; developing a strategy for reengineering its business processes; completing a departmentwide integrated systems architecture; tracking its IT expenditures; implementing the Veterans Health Administration (VHA) Decision Support System and the Veterans Benefits Administration's (VBA) compensation and pension replacement project; and improving the department's computer security. Progress has been made in some of these areas, such as IT investment decision-making and selecting a chief information officer. In other areas, plans have changed--the Department no longer plans to develop an overall strategy for reengineering its business processes to function as "One VA," nor has it defined the integrated IT architecture needed to efficiently acquire and use information systems across VA. No uniform mechanism is in place throughout VA that tracks IT spending; instead, VA's different offices use various mechanisms for tracking IT expenditures. VHA's Decision Support System and VBA's compensation and pension replacement project continue to face challenges. Although VA has begun to address computer security weaknesses, it will have few guarantees that financial information and sensitive medical records are adequately protected until it develops and implements a comprehensive, coordinated security management program.

GAO noted that: (1) overall, VA's IT investment decision-making process has improved, and it has started to implement recommendations GAO enumerated in May and August of this year; (2) further, VA is obtaining a full-time CIO now that the Administration has identified a candidate for the position; (3) however, the department no longer plans to develop an overall strategy for reengineering its business process to effectively function as "One VA," nor has it defined the integrated IT architecture needed to efficiently acquire and utilize information systems across VA; (4) in addition, VA lacks a uniform mechanism that readily tracks IT expenditures; (5) instead, VA's different offices use various mechanisms for tracking IT expenditures; (6) VHA's Decision Support System (DSS) and VBA's compensation and pension replacement project continue to face challenges; (7) as demonstrated in a survey to all Veterans Integrated Service Networks and medical centers directors, DSS is not being fully utilized; (8) in addition, while VBA plans to pilot test portions of its compensation and pension replacement system in January 2001, other key issues need to be addressed before the system can be fully implemented; (9) for example, VBA does not have a plan or schedule for converting data from the old system to the new system and exchanging data between the new system and other systems; (10) regarding computer security, VA has begun to address weaknesses identified by GAO and its Office of Inspector General; and (11) until it develops and implements a comprehensive, coordinated security management program, VA will have limited assurance that financial information and sensitive medical records are adequately protected from misuse, unauthorized disclosure, and destruction.